<html>
<head><meta charset="utf-8"><title>noalias semantics · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html">noalias semantics</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="174539272"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174539272" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174539272">(Aug 30 2019 at 12:31)</a>:</h4>
<p>So <span class="user-mention" data-user-id="120791">@RalfJ</span> (or others) I was thinking over our conversation from yesterday. I went looking to read up on what the rules for noalias -- vague or ill-specified as they may be -- are. I didn't find much. From <a href="http://llvm.org/docs/LangRef.html" target="_blank" title="http://llvm.org/docs/LangRef.html">the language reference manual</a> I see:</p>
<blockquote>
<p>This indicates that objects accessed via pointer values based on the argument or return value are not also accessed, during the execution of the function, via pointer values not based on the argument or return value. The attribute on a return value also has additional semantics described below. The caller shares the responsibility with the callee for ensuring that these requirements are met. For further details, please see the discussion of the NoAlias response in alias analysis.</p>
</blockquote>
<p>Clicking through to the discussion of "no-alias" doesn't add a lot of detail.</p>
<p><em>Ah</em>, writing this comment has helped clarify my confusion I think. What I was wondering about was: why aren't<code>*mut</code> values to the generator considered to conflict with a <code>&amp;mut</code> to some interior field <code>X</code> (from LLVM's POV)? And the answer, I think, is that the <code>*mut</code> isn't used to access that field <code>X</code> (i.e., the LLVM definition is based solely on the "objects accessed").</p>
<p>I guess the next question is what LLVM means when it says <em>objects</em>. That is, what is the granularity of a conflict -- byte ranges? word ranges? etc. I naively interpret that pretty broadly (e.g., the entire struct), in which case it seems like there is still a problem, but I suspect that the language above may be overly broad. I guess the question would be in what situation LLVM might synthesize access to fields of memory that was not originally accessed?</p>



<a name="174549356"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174549356" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174549356">(Aug 30 2019 at 14:26)</a>:</h4>
<blockquote>
<p>naively interpret that pretty broadly (e.g., the entire struct)</p>
</blockquote>
<p><span class="user-mention" data-user-id="116009">@nikomatsakis</span>  IIUC this interpretation is correct. E.g. when accessing e.g. <code>&amp;self.field</code> we tell LLVM that <code>Self</code> is some struct, that <code>&amp;self</code> is a pointer to <code>Self</code> that is <code>noalias</code>, <code>dereferenceable(sizeof(struct))</code>, etc. and that the <code>.field</code> access is <code>inbounds</code> of that struct. IIRC, the LLVM docs cover this in the <code>getelementptr</code> section, and its <code>inbounds</code> subsection.</p>



<a name="174549510"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174549510" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174549510">(Aug 30 2019 at 14:28)</a>:</h4>
<p>IIUC the problem is that we access some fields of the generator using such an approach, while simultaneoulsy using a pointer not derived from <code>&amp;self</code> to mutate the contents of the struct.</p>



<a name="174553216"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174553216" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174553216">(Aug 30 2019 at 15:09)</a>:</h4>
<p>"derived from" here means <a href="http://llvm.org/docs/LangRef.html#pointeraliasing" target="_blank" title="http://llvm.org/docs/LangRef.html#pointeraliasing">"based on"</a>?</p>



<a name="174553575"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174553575" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174553575">(Aug 30 2019 at 15:13)</a>:</h4>
<p>I guess I have to go refresh my memory as to what the MIR etc looks like, but I'm (naively) assuming that resuming a generator is something like:</p>
<ul>
<li>load discriminant to find which await we are at</li>
<li>branch to that place</li>
<li>load the values of local variables from various fields</li>
</ul>
<p>I suppose what we could alternatively do is to rewrite local variables to directly access from <code>self</code>, so that we are not using the stack. </p>
<p>Either way, if there is some local variable of type <code>&amp;mut</code> (which points elsewhere in the struct), then at some point we'll have something sort of like:</p>
<div class="codehilite"><pre><span></span><span class="n">p</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="bp">self</span><span class="p">.</span><span class="n">stored_value_of_p</span><span class="w"></span>
</pre></div>


<p>and I guess that <code>p</code> is not considered "based on" <code>self</code> here? The LLVM definition made it sound specific to GEP -- i.e., I didn't see loads -- though I guess you could insert an <code>inttoptr</code> to kind of alter things.</p>



<a name="174553581"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174553581" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174553581">(Aug 30 2019 at 15:13)</a>:</h4>
<p>I guess I should go re-read the original comments more closely.</p>



<a name="174553621"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174553621" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174553621">(Aug 30 2019 at 15:13)</a>:</h4>
<p>(Separately and relatedly, I do wonder if "alias sets" or other bits of LLVM metadata give us a bit more expressive power)</p>



<a name="174556355"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174556355" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174556355">(Aug 30 2019 at 15:45)</a>:</h4>
<p>I think "object" can in particular also be a "subobject" here</p>



<a name="174559626"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174559626" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174559626">(Aug 30 2019 at 16:20)</a>:</h4>
<p>so that effectively makes it byte-level</p>



<a name="174559627"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174559627" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174559627">(Aug 30 2019 at 16:20)</a>:</h4>
<blockquote>
<p>and I guess that p is not considered "based on" self here? The LLVM definition made it sound specific to GEP -- i.e., I didn't see loads -- though I guess you could insert an inttoptr to kind of alter things.</p>
</blockquote>
<p>it would be rather strange IMO when a pointer stored in memory would be "based on" the pointer used to load it</p>



<a name="174559628"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174559628" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174559628">(Aug 30 2019 at 16:20)</a>:</h4>
<p>also we already assume that text is wrong: we assume it is also okay to have many accesses to the same object through different pointers that are all <code>noalias</code>, as long as all accesses are reads...</p>



<a name="174559629"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174559629" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174559629">(Aug 30 2019 at 16:20)</a>:</h4>
<p>I think that also would be a fairly ill-behaved semantics</p>



<a name="174578733"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias%20semantics/near/174578733" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/noalias.20semantics.html#174578733">(Aug 30 2019 at 20:11)</a>:</h4>
<p>you want the round-trip of storing a ptr in memory and loading it again to leave that ptr unchanged, not make it acquire new provenance from the ptr used to store/load the ptr</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>